The SCTC_REFRESH_EXPORT_TAB_COMP function doesn't correctly sanitize variables used when executing CALL 'SYSTEM' statement, allowing an attacker, with particular privileges, to execute any arbitrary OS command.
By exploiting this vulnerability an authenticated user will be able to take full control of the system.